Health insurer Anthem is proactively reaching out to members to specifically explain that there is no evidence credit card or medical information was targeted or compromised as part of the data breach it discovered last week.
As many as 80 million people could be affected by the cyberattack, which could go down as the largest data breach ever acknowledged by a healthcare company.
Ketchum, Anthem’s public relations firm, is providing the health insurance giant with subject matter experts and advising the company on best practices, said Kristin Binns, VP of PR at the insurer.
“Our main priority is to be clear about the information we have assessed that has not been included in this breach, such as medical, banking, and credit card information,” Binns explained. “We want to make this clear to our customers, so we start eliminating initial concerns as best we can.”
Attackers did, however, gain unauthorized access to Anthem’s IT system and obtained personal information from current and former customers, such as their names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses, and employment information. They may have also stolen income data, Anthem president and CEO Joseph Swedish confirmed in an open letter posted on the company’s website.
After a string of cyberattacks against major companies in the US and globally in recent years, Binns said customers expect organizations to communicate about breaches transparently and as soon as possible.
“We were very cognizant about being expeditious with our response,” she said, noting that her team executed a notification plan within a week of becoming aware of the attack. “But the challenge with this was making sure we had enough information to ensure what we were putting out there was accurate.”
Once the attack was discovered, Anthem “immediately made every effort to close the security vulnerability, contacted the FBI, and began fully cooperating with their investigation,” Swedish said in his letter. It also retained cybersecurity firm Mandiant to evaluate Anthem’s systems and identify solutions, Swedish added.
Anthem also launched a microsite, which customers could access via a link from the company’s homepage, that includes an FAQ list and Swedish’s letter. It also emailed the memo directly to customers who opted to receive information from the company, Binns said.
The insurer also shared the open letter on Anthem’s social media channels on Facebook and Twitter.